Since Mozilla is still working on a fix, the researchers won't share details about the problem. Tipping Point ranked the severity of the vulnerability as high, but said that users would have to click on a link in an e-mail or visit a malicious Web page before being affected. The issue affects users of Firefox 3.0 as well as Firefox 2.0.

So far it's the researchers and not the malware community with the info (hopefully).

I wish we knew more about it. It would be nice to know if NoScript would prevent it.

You're right about the malware writers. They will persist as long as there is money to be made. It also looks like the "researcher" that submitted the vulnerability will get some money for his or her hard work.

This is also why I run my internet facing applications in a sandbox. I don't have to wait for Mozilla or whoever to issue a fix that patches their hole.

I guess put FF in a sandbox and hope for the best. It just seems like they could have found this hole during beta testing. I'm sure they will come up with a few reasons as to how this did not get checked or addressed before release. We all know the game by now.

Eh, at least they probably WILL try to explain it, unlike all the vulnerabilities in Windows XP that SEVEN YEARS later they are still patching holes in monthly... yeah, I did have to take a shot at them, I was in the mood.

How you doing, innerpeace? I sure hope they have a fix soon. Every time I try to lighten the security I end up having to add more. I think I will just put 1 of every security app on this time; that way I would be ahead of the game.

Hi HyperFlow, You don't need more security apps. You're already ahead of the game by knowing there is a vulnerability. If it was in the wild you would also hear about it and could apply the workaround if there was one. Your other security software would probably also protect you. That's what proper layering is about.

I only mentioned a sandbox because to me it's just easier to isolate 'risky' programs than constantly worry about vulnerabilities and keeping all internet related programs updated. Sometimes it's a PITA keeping updated but it's well worth it. With a properly configured sandbox it allows some "wiggle" room while still theoretically being protected.

As a good guy, I would never talk about vulnerabilities in software or publish them and inform the bad guys this way. It looks almost like helping the bad guys. Just fix it in the next version and in absolute silence.

Only one problem with that, the malware guys were very likely poring over Firefox 3 the moment they got their hands on it, so they probably would have found it anyway.